submitting spam to the razor database

Hello,

For background, I recently started using spamassassin with the razor
plugin, and as my question is regarding the razor database, I'm
addressing my query to this list.

Text files saved with my current MUA contain only body information, but
not headers.  Is spam submitted like this considered a valid submission?
 If it's not, I can use a different MUA that will include headers for
the  purposes of submission, the slight inconvenience being worth it, I
believe.  I wanted to be sure that any future submissions are useful.

vanillicat

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Re: submitting spam to the razor database

On Sat, Jun 01, 2002 at 07:20:41PM -0400, vanillicat wrote:
> Text files saved with my current MUA contain only body information, but
> not headers.  Is spam submitted like this considered a valid submission?
>  If it's not, I can use a different MUA that will include headers for
> the  purposes of submission, the slight inconvenience being worth it, I
> believe.  I wanted to be sure that any future submissions are useful.

Just make sure there's a blank line at the top of the file before you
run razor-report on it.  (arguably you should run "spamassasin -d"
instead to remove the SA markup in the body (if there is any.))

Does your MUA save the original message body or a "modified" version
(text wrap, no attachments, etc.)?  If so, then reporting it isn't going
to do any good.  If it's the full message body, then go right ahead.

--

-- 
Randomly Generated Tagline:
Doesn't the "Cockpit" sound like a type of brothel?

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Re: submitting spam to the razor database

I've been reporting messages that make it through the spamassassin
filters using spamassassin -r < spam.txt, as this is recommended over
using razor-report.  The text file generated by my MUA contains basic
header information (To: From: Subject: etc).  The -r switch is supposed
to strip the file of any spamassassin headers before it is automagically
reported.  Since the spam I've been reporting hasn't been flagged as
such by SA, no SA added lines have been present in the body, and the
headers it adds aren't saved by my MUA.

My MUA begins each text file with the From: line, not a blank line.  Why
is the
blank line important?  I can manually add a blank line if it's useful
before reporting it.  The MUA doesn't seem to mess with the text
wrapping at all.  I haven't reported anything with an attachment, so I
don't know how that is handled with the save to a text file.

I take it that the message body is what is most important to razor?

Thanks for your reply!

Theo Van Dinter said:
> On Sat, Jun 01, 2002 at 07:20:41PM -0400, vanillicat wrote:
>> Text files saved with my current MUA contain only body
>> information, but not headers.  Is spam submitted like this
>> considered a valid submission?
>>  If it's not, I can use a different MUA that will include headers
>>  for
>> the  purposes of submission, the slight inconvenience being worth
>> it, I believe.  I wanted to be sure that any future submissions
>> are useful.

Re: submitting spam to the razor database

[shuffled text to get a chronological ordering - please quote only
what's necessary and write your own comments below - that's much easier
to read]

On 2002-06-01 23:27:05 -0400, vanillicat wrote:
> Theo Van Dinter said:
> > On Sat, Jun 01, 2002 at 07:20:41PM -0400, vanillicat wrote:
> >> Text files saved with my current MUA contain only body
                                          ^^^^^^^^^^^^^^^^^
> >> information, but not headers.  Is spam submitted like this
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >> considered a valid submission?
> >
> > Just make sure there's a blank line at the top of the file before
> > you run razor-report on it.
> >
> > Does your MUA save the original message body or a "modified"
> > version (text wrap, no attachments, etc.)?  If so, then reporting
> > it isn't going to do any good.  If it's the full message body, then
> > go right ahead.
>
> The text file generated by my MUA contains basic header information
> (To: From: Subject: etc). Since the spam I've been reporting hasn't
> been flagged as such by SA, no SA added lines have been present in the
> body, and the headers it adds aren't saved by my MUA.
> 
> My MUA begins each text file with the From: line, not a blank line.
> Why is the blank line important? 

Because headers are separated from the body by a blank line. In your

6K Incoming signatures

Good day, all,
	I'll be sending in signatures from a 6100 verified-spam message
folder this week.  Jordan and Vipul, this is to let you know ahead of time
so you don't think I'm submitting tons of fake signatures.  For everyone
else, here's how I decided on what to submit.

	Junkfilter was my old spam catcher; I still use it to flag
messages that razor doesn't yet recognize.  I manually review messages
that end up in the "junkfilter-spam" folder, and only if I'm sure they're
spam do they make it to the "spam" folder.  I've gone back over the most
recent half of the "spam" folder again and used the following additional
checks to make certain that what I'm submitting is spam; these messages
get saved to the "verified-spam" folder, which is what I'll be
razor-reporting.
	First off, I'm _not_ submitting the usual outlook/exchange virus 
messages, although I'd be glad to if that's appropriate.
	I _am_ submitting messges with strings that match various body
parts, make the dollas schemes, house lending offers, etc.  Then I check
for character set strings for languages I couldn't possibly read.  Also,
I'm using domains and email addresses that send a large amount of spam.
	To see the entire list, see
http://www.stearns.org/razor-caching-proxy/spam-traits .

	Jordan or Vipul - if you have any concerns about this, would 
rather receive the data in a different form, or want the raw verified-spam 
folder instead, please let me know.  Otherwise I'll start feeding the 
messages this week.
	Tridge - I believe you were asking for collection of known spams.  
Is there a good way for me to get you a (bzip2 -9'd 8M) folder?
	Cheers,

False positive: IETF message

113b90ff59279a0d50b1f7e4535627e46318b4b7

----Original message---
Subject: I-D ACTION:draft-ietf-dnsext-rfc2539bis-dhk-02.txt
Sender: nsyracus <at> cnri.reston.va.us

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

	Title		: Storage of Diffie-Hellman Keys in the Domain Name 
                          System (DNS)
	Author(s)	: D. Eastlake
	Filename	: draft-ietf-dnsext-rfc2539bis-dhk-02.txt
	Pages		: 9
	Date		: 31-May-02
	
A standard method for storing Diffie-Hellman keys in the Domain Name
System is described which utilizes DNS KEY resource records.

--
Tullio Andreatta Logicom S.r.l. (Gruppo Finmatica) http://www.logicom.it/
Sede operativa: Via Vergnano, 2 - I-25100 Brescia ITALY

Disclaimer: "Please treat this email message in a reasonable way, or we
    might get angry" ( http://www.goldmark.org/jeff/stupid-disclaimers )

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

False positive: IETF message

0208f6f933a0424c68b8fb8c8360c4aa4d5175c2

----Original message---
Subject: I-D ACTION:draft-ietf-dnsext-rfc2536bis-dsa-02.txt
Sender: nsyracus <at> cnri.reston.va.us

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the DNS Extensions Working Group of the IETF.

	Title		: DSA KEYs and SIGs in the Domain Name System (DNS)
	Author(s)	: D. Eastlake
	Filename	: draft-ietf-dnsext-rfc2536bis-dsa-02.txt
	Pages		: 7
	Date		: 31-May-02
	
A standard method for storing US Government Digital Signature
Algorithm keys and signatures in the Domain Name System is described
which utilizes DNS KEY and SIG resource records.

--
Tullio Andreatta Logicom S.r.l. (Gruppo Finmatica) http://www.logicom.it/
Sede operativa: Via Vergnano, 2 - I-25100 Brescia ITALY

Disclaimer: "Please treat this email message in a reasonable way, or we
    might get angry" ( http://www.goldmark.org/jeff/stupid-disclaimers )

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Quick Question

Re: Quick Question

On Monday 03 June 2002 01:59 pm, AHYDLE <at> thq.com wrote:
> I am trying to configure Razor to work behind my firewall in a DMZ and I
> need to know what ports it needs open in order to work?
>
>
>
> This message, including any attachments, may contain privileged and/or
> confidential information. Any distribution or use of this email by anyone
> other than the intended recipient(s) is strictly prohibited. If you are not
> the intended recipient, please notify the sender immediately and delete all
> copies. Thank you.

I hereby notify the sender that I am not the intended recipient of this
message, and attaching such a disclaimer at the end of a public
mailing list is fundamentally silly.

--

-- 
_________________________________________________
No I Don't Yahoo!
And I'm getting pretty sick of being asked if I do.
_________________________________________________
John Andersen / Juneau Alaska

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

Re: Quick Question

Good day, AHYDLE(?),

On Mon, 3 Jun 2002 AHYDLE <at> thq.com wrote:

> I am trying to configure Razor to work behind my firewall in a DMZ and I
> need to know what ports it needs open in order to work?

	Outbound connections to ports 7/tcp and 2702/tcp only.  If you 
want to get really strict, only to the hosts {a,b,c}.razor.vipul.net. at 
the moment, although this may grow as more servers come online.
	http://www.stearns.org/razor-caching-proxy/ if you want to use a 
userspace proxy instead of direct connections.

> This message, including any attachments, may contain privileged and/or
> confidential information. Any distribution or use of this email by anyone
> other than the intended recipient(s) is strictly prohibited. If you are not
> the intended recipient, please notify the sender immediately and delete all
> copies. Thank you.  

	Agreed - is this really necessary for a message to a public list?
	Cheers,
	- Bill

---------------------------------------------------------------------------
        "I give up, how DO you keep a mathematician busy for 350 years?"
        -- Pierre de Fermat's friend
(Courtesy of Tim Connors <tcon <at> Physics.usyd.edu.au>)
--------------------------------------------------------------------------
William Stearns (wstearns <at> pobox.com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at:                        http://www.stearns.org
--------------------------------------------------------------------------

_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm